This enhances extrausers with a new passwd-expire command that causes
a local user's password to be expired as if the `passwd --expire`
command was run, so the password needs to be changed on initial login.
Example: EXTRA_USERS_PARAMS += " useradd ... USER; passwd-expire USER;"
Tested: on useradd accounts
When configured with Linux-PAM, console login prompts for and can
successfully change the password. OpenSSH server works. Dropbear
SSH server notes the password must be changed but does not offer a
password change dialog and rejects the login request.
Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
usermod)
perform_usermod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
;;
+ passwd-expire)
+ perform_passwd_expire "${IMAGE_ROOTFS}" "$opts"
+ ;;
groupmod)
perform_groupmod "${IMAGE_ROOTFS}" "-R ${IMAGE_ROOTFS} $opts"
;;
fi
set -e
}
+
+perform_passwd_expire () {
+ local rootdir="$1"
+ local opts="$2"
+ bbnote "${PN}: Performing equivalent of passwd --expire with [$opts]"
+ # Directly set sp_lstchg to 0 without using the passwd command: Only root can do that
+ local username=`echo "$opts" | awk '{ print $NF }'`
+ local user_exists="`grep "^$username:" $rootdir/etc/passwd || true`"
+ if test "x$user_exists" != "x"; then
+ eval flock -x $rootdir${sysconfdir} -c \"$PSEUDO sed -i \''s/^\('$username':[^:]*\):[^:]*:/\1:0:/'\' $rootdir/etc/shadow \" || true
+ local passwd_lastchanged="`grep "^$username:" $rootdir/etc/shadow | cut -d: -f3`"
+ if test "x$passwd_lastchanged" != "x0"; then
+ bbfatal "${PN}: passwd --expire operation did not succeed."
+ fi
+ else
+ bbnote "${PN}: user $username doesn't exist, not expiring its password"
+ fi
+}
